How To Test

TBD

User Experience

Ideally this feature shouldn't be noticeable to the user, the syscall filtering should allow normal execution of the application. Intention is that only people trying to exploit security holes notice that the syscall they are trying to use is blocked :)

Dependencies

Kernel updated to 3.5

libseccomp packaged

QEMU updated to 1.2

Any other apps that want to use this functionality need the the first two bits.

Contingency Plan

Since this is brand new functionality, if it doesn't make it in time for F18, nothing has changed. We just drop this feature page.